CVE-2025-43960

Adminer 4.8.1, when using Monolog for logging, allows a Denial of Service (memory consumption) via a crafted serialized payload (e.g., using s:1000000000), leading to a PHP Object Injection issue. Remote, unauthenticated attackers can trigger this by sending a malicious serialized object, which forces excessive memory usage, rendering Adminer’s interface unresponsive and causing a server-level DoS. While the server may recover after several minutes, multiple simultaneous requests can cause a complete crash requiring manual intervention.

We have discovered 390 live websites that are affected by CVE-2025-43960.

Run a Free Instant Scan



Affected Software

Product  Adminer
Category Database Managers
Vulnerable Domains390 live websites (82% of Adminer install base)
Vulnerable Versions
  • from 0 through 4.8.1
Vulnerable Versions Count24 versions ( 67% of all versions)



Details

  • Published - Aug 25, 2025
  • Updated - Aug 25, 2025

Website Distribution by Country

Number of websites using CVE-2025-43960
United States116 websites


Czech Republic91 websites
Germany59 websites
France20 websites
Russia17 websites
Netherlands10 websites
Singapore10 websites
China8 websites
Slovakia7 websites
Lithuania6 websites

Website Distribution by TLD

Number of websites using CVE-2025-43960
.com137 websites
.cz85 websites
.ru17 websites
.net16 websites
.org14 websites
.de13 websites
.eu10 websites
.nl7 websites
.io6 websites
.fr6 websites

Vulnerable Versions

Vulnerable versions are highlighted in red

Websites affected by CVE-2025-43960

Top websites that are affected by CVE-2025-43960. Please click on the "Contact us" link to get more information.
DomainCountryRankContacts
*****.********.com Czech Republic**,***
******.***.pl Poland***,***
*******.pl Poland***,***
****.*****.com United States***,***
*********.com Germany***,***
**************.ru Russia***,***
***.*********.com United States***,***
***********.************.com United States***,***
******.*************.cz Czech Republic***,***
*******.***.cn China***,***
See full domain list

FAQ

A total of 390 websites have been identified as vulnerable to CVE-2025-43960, based on global website indexing conducted by WebTechSurvey.
The Adminer is affected by the CVE-2025-43960 vulnerability.
Adminer versions up to and including 4.8.1 are vulnerable to CVE-2025-43960.